A Framework for Secure, Mission-Ready Cloud Solutions

By John Nemoto, VP, CGI Federal Inc


In the past year or so, the U.S. Department of Defense (DoD) has made a number of changes to make it easier for DoD agencies to buy cloud services, including accepting some additional risk for less mission-critical data.

The Defense Information Systems Agency (DISA) and the DoD Chief Information Officer also have published a cloud security requirements guide (SRG) to provide more standardized definitions across the Department to facilitate cloud adoption.

A recent news release stated, “As DISA advances cloud capabilities for the Department of Defense (DOD), it embraces the opportunities to use commercial cloud solutions to reduce operational costs, release available resources, enhance standardization, and increase agility and responsiveness to the changing needs of mission partners.” While there is a sense of momentum and excitement across the DoD about moving to the cloud, the emerging model of doing so faces numerous challenges, such as:

• Lack of a unified model for deploying continuous monitoring across hybrid cloud environments
• Authorization processes that are not easily replicated across commercial cloud services providers (CSPs)
• Fragmented and non-standard security reporting processes between organizations and CSPs
• Lack of risk awareness and single-pane-of-glass visibility for stakeholders
• Barriers for mission owners to adopt innovative services and technologies from CSPs
• Cybersecurity approached as an “add on” and not embedded into cloud solutions
• Inefficient compliance reporting model that results in “sprawl” across CSPs and agencies

Based on our experience as a CSP with provisional authority to operate from both the Federal Risk and Authorization Management Program (FedRAMP) and DISA, CGI has developed a framework for enabling secure cloud solutions for DoD mission owners. This framework is based on continuous, repeatable, agnostic, transparent, evolving and secure attributes.

Through such a security framework, DoD agencies and other government organizations can build a comprehensive layer of defense designed to secure their cloud-based IT portfolios.

CGI offers a unique combination of cloud and cybersecurity expertise, along with our CGI Unify360 hybrid IT management suite and CGI AssureIQ risk-based approach to continuous monitoring, to support our federal government clients’ move to the cloud.

As the Hybrid IT and Modernization Practice Lead within CGI Federal’s Emerging Technologies Practice, John manages a team developing innovative solutions for hybrid IT management for federal, commercial, and global clients.
